apko 数据伪造问题漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko prior to 1.2.7 had a data manipulation vulnerability. This vulnerability stemmed from verifying the APKINDEX.tar.gz signature but failing to compare the downloaded.apk package with the checksum in the signature index. This...

apko 安全漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko from 0.14.8 to 1.1.1 contained security vulnerabilities. These vulnerabilities stemmed from a path traversal vulnerability in the dirFS file system abstraction layer, which could lead to the creation of directories or symboli...